Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 c7b8ed10a3cf7d75891db3adce949cff
Sha256 9f89496536cf33e4b40414e74958a53fe48911251a9a1d76b14dfa1fe4d4db57
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Victim
FTPPassword hoidelamgi
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir system32
FTPPort 21
EnableMessageBox FALSE
Password 1106
FTPUserName denhatxom7
ActivateKeylogger TRUE
FTPAddress ftp.drivehq.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 20
InstallMessageTitle título da mensagem
KeyloggerEnableFTP TRUE
MessageBoxIcon 16
Domain bacvu.no-ip.biz,koaica.no-ip.biz,
ActiveXStartup {73YNYOPT-J5RX-V3EG-4161-UJW3BB1R7QS3}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName svchost.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 82,82,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
bacvu.no-ip.biz 0
koaica.no-ip.biz 0